Goto-cc doesn't handle BUILD_BUG_ON_ZERO macro in Linux #7927

rodionov · 2023-09-27T20:38:26Z

CBMC version:

goto-cc --version
gcc (goto-cc 5.85.0 (cbmc-5.85.0)) 13.2.0

Copyright (C) 2006-2018 Daniel Kroening, Christoph Wintersteiger
CBMC version: 5.85.0 (cbmc-5.85.0)
Architecture: x86_64
OS: linux
gcc: 13.2.0

Exact command line resulting in the issue:

cat > test.c<< EOF
#define __is_constexpr(x) \
  (sizeof(int) == sizeof(*(8 ? ((void *)((long)(x) * 0l)) : (int *)8)))

#define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
#define GENMASK_INPUT_CHECK(h, l) \
  (BUILD_BUG_ON_ZERO(__builtin_choose_expr( \
    __is_constexpr((l) > (h)), (l) > (h), 0)))

int test(int field)
{
  return GENMASK_INPUT_CHECK(field + 3, field);
}
EOF

goto-cc /tmp/test.c 
/tmp/test.c: In function 'test':
/tmp/test.c:12:1: error: expected constant expression, but got '-(field >= field + 3 ? 0 : 1)'
   return BUILD_BUG_ON_ZERO(field + 3 > field);
CONVERSION ERROR

What behaviour did you expect:

Both gcc and clang compile this code without errors:

clang --version
Debian clang version 14.0.6
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin

gcc --version
cc --version
gcc (Debian 13.2.0-2+build1) 13.2.0
Copyright (C) 2023 Free Software Foundation, Inc.

clang -c test.c
gcc -c test.c

The macro BUILD_BUG_ON_ZERO is used in Linux kernel, thus, fixing this issue would help with enabling cbmc for Linux.

The text was updated successfully, but these errors were encountered:

kroening · 2023-09-27T20:52:14Z

The problem would appear to be that __is_constexpr doesn't work as expected.

rodionov · 2023-09-27T21:03:48Z

Interestingly, defining #define BUILD_BUG_ON_ZERO(e) (e) so that the reproducer looks like

#define __is_constexpr(x) \
  (sizeof(int) == sizeof(*(8 ? ((void *)((long)(x) * 0l)) : (int *)8)))

#define BUILD_BUG_ON_ZERO(e) (e)
#define GENMASK_INPUT_CHECK(h, l) \
  (BUILD_BUG_ON_ZERO(__builtin_choose_expr( \
    __is_constexpr((l) > (h)), (l) > (h), 0)))

int test(int field)
{
  return GENMASK_INPUT_CHECK(field + 3, field);
}

doesn't generate the error by goto-cc.

Neither GCC nor Clang simplify expressions involving symbols even when the result would always be 0, which our simplifier figure out. Fixes: diffblue#7927

tautschnig · 2023-10-13T10:31:36Z

I recalled that I had looked into this before. Patch from 2021 now PRed as #7959.

Neither GCC nor Clang simplify expressions involving symbols even when the result would always be 0, which our simplifier figure out. Fixes: diffblue#7927

tautschnig self-assigned this Oct 2, 2023

tautschnig linked a pull request Oct 13, 2023 that will close this issue

Mimic GCC/Clang simplification behaviour when type checking ?: #7959

Open

3 tasks

tautschnig added the pending merge label Oct 13, 2023

tautschnig removed their assignment Oct 13, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Goto-cc doesn't handle BUILD_BUG_ON_ZERO macro in Linux #7927

Goto-cc doesn't handle BUILD_BUG_ON_ZERO macro in Linux #7927

rodionov commented Sep 27, 2023

kroening commented Sep 27, 2023

rodionov commented Sep 27, 2023

tautschnig commented Oct 13, 2023

Goto-cc doesn't handle BUILD_BUG_ON_ZERO macro in Linux #7927

Goto-cc doesn't handle BUILD_BUG_ON_ZERO macro in Linux #7927

Comments

rodionov commented Sep 27, 2023

kroening commented Sep 27, 2023

rodionov commented Sep 27, 2023

tautschnig commented Oct 13, 2023